spf-discuss-request | 14 Nov 14:43 2007

Welcome to spf-discuss

You have been subscribed to spf-discuss with the address

  gmssd-spf-discuss-1 <at> m.gmane.org

This list is for open discussion of the SPF e-mail anti-forgery system.

Subscription to this list, and posting to it, is a privilege, not a right.
The list operates according to the best practices described in RFC 1855.
Please review <http://www.ietf.org/proceedings/02mar/slides/plenary-3/>,
too.

Revocation of privileges operates according to an abbreviated form of
BCP83.  In short: kooks, crazy people, and rude people should expect to be
unsubscribed.

The SPF mailing list is intended for constructive discussion and promotion
of SPF.  If you believe that the SPF concept is fundamentally flawed,
please read the discussion archives at
    <http://archives.listbox.com/spf-discuss>  or
    <http://dir.gmane.org/gmane.mail.spam.spf.discuss> (searchable)
as your point has almost certainly been discussed at length before.
Rehashing old arguments, especially in a combative way, may be considered
rude by most people.  New arguements, or new information about old
arguments, however, are quite welcome.

ABOUT SPF

The SPF standard originated as a hybrid of Gordon Fecyk's DMP proposal and
Hadmut Danisch's RMX proposal.  It now provides a superset of their
functionality.  Find more information at <http://www.openspf.org>.
(Continue reading)

Frank Ellermann | 14 Nov 14:55 2007
Picon
Picon

Fresh meat

Test mail, don't panic.

The hutzler-spamops draft is now BCP 134,
http://tools.ietf.org/html/rfc5068

Minger is an interesting proposal by Arvel Hathcock,
http://tools.ietf.org/html/draft-hathcock-minger-04
http://www.openspf.org/Frank_Ellermann/Minger

There are new "statistics" and "Google" pages:
http://www.openspf.org/Statistics
http://www.openspf.org/Frank_Ellermann/Google

 Frank

-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com

Frank Ellermann | 15 Nov 11:43 2007
Picon
Picon

Re: "Last Call" pending exp= (empty) erratum

Boyd Lynn Gerber wrote six months ago:

  [Stuart:]
>> I think they could be reworded as follows:
>> Option 1 never gives permerror for empty exp.
>> Option 2 gives permerror for both implicit and explicit empty exp
>> Option 3 gives permerror for explicit empty exp ("exp="), but not
>>    for implicit empty exp (as a result of macro expansion, e.g. 
>>    "exp=%h")

Good summary.

>> I favor option 1, for the same reason as Scott.  I could live with
>> Option 3: "Ok, someone clearly screwed up with an explicit exp=,
>> but don't let screwy HELO cause an SPF permerror on an otherwise
>> syntactically valid record."

> +1  I prefer option 1

Scott said 2, Julian proposed 2, I proposed 3.  When the result of a
question is no clear "no" or "rough" consensus the question was wrong,
paraphrasing ASCII-art posted by Brian on the IETF general list... ;-)

We need more facts, example policy:  "v=spf1 a:%{l}.example.org -all"
MAIL FROM "quote...me" <at> example.org

What's the <target-name> for this beast ?  Does the test suite already
cover something in the direction of quoted strings (+/- quote pairs)
in the local part ?

(Continue reading)

spf-discuss | 18 Nov 06:00 2007

SPF Mail Summary Report

                    iMail News Gateway Server v3.1                    
          (c) Copyright 1996-2005 Santronics Software, Inc.           

                        Mail Forum Statistics                         
                Date Range : 11 Nov 2007 - 16 Nov 2007
                Report Date: 18 Nov 2007

----------------------------------------------------------------------
Total Summary:
----------------------------------------------------------------------

Total Forums          : 2
Total Messages        : 22
Total Participants    : 12
Total Vendor Postings : 0
Total Mail/No Replies : 10  (45%)
          6+ Days Old : 3    4+ Days Old: 3
          2+ Days Old : 4    1 Day Old  : 0
Busiest Posting Hour  : 5pm  (6 msgs)
Busiest Posting Day   : Thursday  (11 msgs)

+-[ Hourly Posting Pattern ]----------------------+
|                                   *             |
|                                   *             |
|                                   *             |
|                                   *             |
|                                   *             |
| *                                 *             |
| *                                 *             |
| *                               * * * *         |
(Continue reading)

Frank Ellermann | 20 Nov 12:27 2007
Picon
Picon

Re: "Last Call" pending exp= (empty) erratum

Hi, the discussion about the empty exp= issue had no 
clear result.  In the spirit of "running code", what
do "real" SPF implementations when they stumble over
an empty exp= as in "v=spf1 exp=" ?  

Ignore it returning NEUTRAL for this minimal example,
or report it as PERMERROR ?

 Frank

-------------------------------------------
-----------------------------------------------------------------------
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?member_id=6959932&id_secret=67081435-90365f
Powered by Listbox: http://www.listbox.com

Frank Ellermann | 22 Nov 09:40 2007
Picon
Picon

Authentication-Results

Hi, the Internet Draft specifying a new header field 
Authentication-Results is almost ready.  Some of us
likely regret that three years too late is really too
late, but we could still decide to support it as good
idea.

AFAIK the author intends to fix his "results" table:
Sender ID will get the same "smtp.helo" row as SPF,
and there won't be a separate "smtp.ehlo" row for SPF.

Actually there is no difference between Sender ID and
SPF wrt "smtp.mfrom" and "smtp.helo" results, the
draft could unify these rows.  Sender ID RFC 4406 got
a normative reference to SPF RFC 4408 about this.

IMO the "security considerations" have to state that
noting "hardfail" results instead of simply rejecting
"hardfail" will cause the loss of legit mails in some
arguably broken scenarios.

Assuming the author fixes this, can we "officially"
support his draft, on behalf of th SPF project ?  The
"iprev" check in this draft is quite interesting, and
the draft might also help the SSP-folks ("SSP" is the
keystone of DKIM).

 Frank

-------------------------------------------
-----------------------------------------------------------------------
(Continue reading)

Frank Ellermann | 22 Nov 10:07 2007
Picon
Picon

Re: "Last Call" pending exp= (empty) erratum

Update:  Option 1 is out, "running code" reports PERMERROR.

Looking again at it I think options 2 and 3 are equivalent,
both would report FAIL if the exp= <target-name> is empty
or otherwise unusable.  Option 2 is shorter (not talking
about empty <domain-name> at all), option 3 is a smaller
diff from 4408 (replacing <domain-name> by <target-name>).

How about picking the "shorter" option and be done with it ?

 Frank

-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com

spf-discuss | 25 Nov 06:00 2007

SPF Mail Summary Report

                    iMail News Gateway Server v3.1                    
          (c) Copyright 1996-2005 Santronics Software, Inc.           

                        Mail Forum Statistics                         
                Date Range : 18 Nov 2007 - 24 Nov 2007
                Report Date: 25 Nov 2007

----------------------------------------------------------------------
Total Summary:
----------------------------------------------------------------------

Total Forums          : 2
Total Messages        : 24
Total Participants    : 13
Total Vendor Postings : 0
Total Mail/No Replies : 5  (20%)
          6+ Days Old : 2    4+ Days Old: 2
          2+ Days Old : 1    1 Day Old  : 0
Busiest Posting Hour  : 12am  (5 msgs)
Busiest Posting Day   : Monday  (10 msgs)

+-[ Hourly Posting Pattern ]----------------------+
|                         *                       |
|                         *                       |
|                         *     *                 |
|                         *     *                 |
|                         *     * *               |
|                         *     * *               |
| *                       * * * * *               |
| *                       * * * * *               |
(Continue reading)

Steve | 26 Nov 05:49 2007
Picon

SPF question

I have used the SPF wizard a while ago, and have the TXT file in my DNS as:
 
v=spf1 mx:mail.site.com.com ip4:71.36.27.200 -all

And I thought it was working correctly, but when I just sent a email tonight, I got a message back that said
 
Sender is forged (SPF Fail)
 
So.......what is the problem??
 
I changed the TLD name and the IP just to be safe for this posting, but they are the correct ones for my site.
 
Steve

Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?list_id=735
Scott Kitterman | 26 Nov 07:14 2007

Re: SPF question

On Sunday 25 November 2007 23:49, Steve wrote:
> I have used the SPF wizard a while ago, and have the TXT file in my DNS as:
>
> v=spf1 mx:mail.site.com.com ip4:71.36.27.200 -all
> And I thought it was working correctly, but when I just sent a email
> tonight, I got a message back that said
>
> Sender is forged (SPF Fail)
>
> So.......what is the problem??
>
> I changed the TLD name and the IP just to be safe for this posting, but
> they are the correct ones for my site.

This is more of an spf-help question, but ...

First, I'm going to assume that mail.site.com.com is mail.site.com.

Does mail.site.com.com have an MX record?  I except not.  I expect is is an MX 
and that what you want is a:mail.site.com.

Scott K

-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com


Gmane